| | CVE-2026-33894 | Red Hat | high | 7.5 | 0.0%
| | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33891 | Red Hat | high | 7.5 | 0.0%
| | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33871 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.F… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33870 | Red Hat | high | 7.5 | 0.0%
| | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.F… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-34475 | Red Hat | medium | 5.4 | 0.1%
| | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url sce… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2025-15381 | Red Hat | high | 8.1 | 0.0%
| | In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-28369 | Apache | high | 8.7 | 0.1%
| | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line sta… | Mar 27, 2026 | Apr 8, 2026 |
| | CVE-2026-28367 | Apache | high | 8.7 | 0.7%
| | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` a… | Mar 27, 2026 | Jun 29, 2026 |
| | CVE-2026-28368 | Apache | high | 8.7 | 0.7%
| | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially cra… | Mar 27, 2026 | Jun 29, 2026 |
| | CVE-2026-4980 | Red Hat | medium | 6.3 | 0.0%
| | A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27879 | Grafana | medium | 6.5 | 0.4%
| | A resample query can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 | Jun 17, 2026 |
| | CVE-2026-28375 | Grafana | medium | 6.5 | 0.4%
| | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 | Jun 17, 2026 |
| | CVE-2026-27876 | Grafana | critical | 9.1 | 1.9%
| | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary … | Mar 27, 2026 | Jun 30, 2026 |
| | CVE-2026-33758 | Red Hat | high | 9.6 | 0.1%
| | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27880 | Grafana | high | 7.5 | 0.8%
| | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cau… | Mar 27, 2026 | Jun 30, 2026 |
| | CVE-2026-33757 | Red Hat | high | 9.6 | 0.1%
| | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33750 | Red Hat | medium | 6.5 | 0.0%
| | The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27877 | Grafana | medium | 6.5 | 0.3%
| | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed… | Mar 27, 2026 | Jun 30, 2026 |
| | CVE-2026-33748 | Red Hat | medium | 6.5 | 0.0%
| ✓ Fix | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33433 | Red Hat | high | 7.7 | 0.0%
| | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-32695 | Red Hat | high | 7.7 | 0.0%
| | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27860 | Red Hat | low | 3.7 | 0.0%
| | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP au… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27859 | Red Hat | medium | 5.3 | 0.0%
| | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much C… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27858 | Red Hat | high | 7.5 | 0.0%
| | Attacker can send a specifically crafted message before authentication that causes managesieve to al… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27857 | Red Hat | high | 7.5 | 0.0%
| | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27856 | Red Hat | high | 7.4 | 0.0%
| | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attac… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27855 | Red Hat | medium | 6.8 | 0.0%
| | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache i… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-24031 | Red Hat | high | 7.7 | 0.1%
| | Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-0394 | Red Hat | medium | 5.3 | 0.0%
| | When dovecot has been configured to use per-domain passwd files, and they are placed one path compon… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2025-59032 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be us… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2025-59031 | Red Hat | medium | 4.3 | 0.0%
| | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2025-59028 | Red Hat | medium | 5.3 | 0.1%
| | When sending invalid base64 SASL data, login process is disconnected from the auth server, causing a… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-22744 | VMware | high | 7.5 | 0.1%
| | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed … | Mar 27, 2026 | Jun 2, 2026 |
| | CVE-2026-22743 | VMware | high | 7.5 | 0.1%
| | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpr… | Mar 27, 2026 | Apr 16, 2026 |
| | CVE-2026-22742 | VMware | high | 8.6 | 0.1%
| | Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability i… | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-22738 | VMware | critical | 9.8 | 0.1%
| | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value … | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-34353 | Red Hat | medium | 5.9 | — | | A flaw was found in OCaml. An integer overflow vulnerability exists in the `Bigarray.reshape` functi… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33747 | Red Hat | medium | 8.2 | — | | A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33721 | Red Hat | high | 7.5 | — | | A flaw was found in MapServer, a system for developing web-based Geographic Information System (GIS)… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33701 | Red Hat | high | 8.1 | 0.5%
| | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation l… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-4948 | Red Hat | medium | 5.5 | — | | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-autho… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-4981 | Red Hat | medium | 5.4 | — | | A flaw was found in Red Hat Advanced Cluster Security (ACS). An unauthenticated remote attacker can … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33699 | Red Hat | medium | 6.5 | 0.0%
| | pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerabilit… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-27893 | Red Hat | high | 8.8 | 0.0%
| ✓ Fix | vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33945 | Red Hat | critical | 9.6 | 0.0%
| | Incus is a system container and virtual machine manager. Incus instances have an option to provide c… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33898 | Red Hat | high | 8.2 | 0.0%
| | Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spa… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33897 | Red Hat | high | 9.1 | 0.0%
| | Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template … | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33743 | Red Hat | medium | 5.5 | 0.0%
| | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafte… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33711 | Red Hat | high | 8.8 | 0.0%
| | Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screen… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33542 | Red Hat | high | 8.5 | 0.0%
| | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validati… | Mar 26, 2026 | Mar 26, 2026 |